Condusiv Technologies Blog

Condusiv Technologies Blog

Blogging @Condusiv

The Condusiv blog shares insight into the issues surrounding system and application performance—and how I/O optimization software is breaking new ground in solving those issues.

How to Recover Lost or Deleted Files BEFORE Resorting to Outsourced Data Recovery

by Gary Quan 1. November 2017 05:46

Here’s a nightmare scenario…a user accidentally deletes irreplaceable or valued files from a network share, and there is no way to recover the data because:

>The file was created or modified then deleted AFTER the last valid backup/snapshot was taken.

>There is NO valid backup or snapshot to recover the data.

>There was NO real-time recovery software like Condusiv’s Undelete® already installed on the file server

>Sending the disk to a professional data recovery center is COSTLY and TIME-CONSUMING.

What do you do? Well, you may be in luck with a little known feature in Condusiv’s Undelete software product known as “Emergency Undelete.” On NTFS (New Technology File system) formatted volumes, which is the default file system used by Windows, there is an unfamiliar characteristic that can be leveraged to recover your lost data.

When a file gets deleted from a Windows volume, the data has not yet been physically removed from the drive. The space where that file data was residing is merely marked as “deleted” or available for use. The original data is there and will remain there until that space is overwritten by new data. That may or may not happen for quite a while. By taking the correct steps, there is an extremely good chance that this ‘deleted’ file can still be recovered. This is where Emergency Undelete comes in.

Emergency Undelete can find deleted files that have not yet been over-written by other files and allow you to recover them. To increase your chances of recovering lost data, here are some best practices to follow as soon as the files have been accidentally deleted.

1. Immediately, reduce or do away with any write activity on the volume(s) you are trying to recover the deleted files from. This will improve your chances of recovering the deleted files.

2. Get Condusiv’s Undelete to leverage its Emergency Undelete feature.  Emergency Undelete is part of the Undelete product package.

3. REMEMBER: You want to prevent any write activity on the volume(s) you are trying to recover the deleted files from, so if you are trying to recover lost files from your system volume, then do one of the following:

a. Copy the Undelete product package to that system, but to a different volume than the one you are recovering lost files from. Run the Undelete install package and it will allow you to run Emergency Undelete directly to recover the lost files.

  

b. If you do not have an extra volume on that system, then place the Undelete product package on a different system, run it and Emergency Undelete will allow you to place the Emergency Undelete package onto a CD or a USB memory stick. You can then place the CD/Memory stick on the system you need to recover from and run it to recover the lost files.

 

 

Now if the lost files do not reside on the system volume, you can just place the Undelete product package on the system volume, run it and select to run Emergency Undelete directly to recover the lost files.

4. When recovering the lost files, recover them to a different volume.

These same steps will also work on FAT (File Allocation Table) formatted storage that is used in many of the memory cards in cameras and phones. So, if some irreplaceable photos or videos were accidentally deleted, you can use these same steps to recover these too. Insert the memory card onto your Windows system, then use Emergency Undelete to recover the lost photos. 

Emergency Undelete has saved highly valuable Microsoft Office documents and priceless photos for thousands of users. It can help in your next emergency, too.

 

Tags:

Data Protection | Data Recovery | Undelete

Undelete Can Do That Too?

by Gary Quan 30. August 2017 04:46

You may have already heard countless customers tout the file recovery features of Condusiv’s Undelete® and how IT Pros use it as a recycle bin on file servers for real-time protection, so they don’t have to dig through backups to recover deleted or overwritten files. Although this is Undelete’s primary function, Undelete provides more than just this. 

What most people do not know is that Undelete also provides features to keep your data secure and visibility into who deletes files from file servers.

When a file is deleted, many assume that file data is now safe from being seen by others. Not so fast. When data gets deleted on a Windows volume, the data does not get removed. The space where that file data was residing is just marked as available for use, but the original file data is still there and will remain there until that space is overwritten by some other file data. That may or may not happen for quite a while. This means, that ‘deleted’ file data could still be potentially read. 

So, what do you do if you really want your file data gone when you delete it?  Undelete has the answer with two features. The first feature is “SecureDelete.”  When a file is deleted, SecureDelete will first over-write the file to help ensure it is unrecoverable. In fact, this is done by overwriting it with a specific bit pattern specified for this purpose by the U.S. National Security Agency (NSA) for the Department of Defense (DOD).  The second feature is “Wipe Free Space”, which will overwrite any free space on a selected volume, using the same specific bit patterns as SecureDelete to clear out any previously written data in that free space.

Now, with these two features, when you delete a file, you know it is now virtually impossible to read/recover any of that data from that volume.

Along with file security, there are customers using Undelete as another precautionary security: check how many files are being deleted from file shares and by whom. If they ever detect an abnormal, substantially high number of files being deleted, that raises a flag for them to investigate further.

Although Undelete is usually purchased to recover files, others use it to securely delete files and track back any deleted files to the person who did it.

Tags:

Data Protection | File Protection | Undelete

FAL Remediation and Improved Performance for MEDITECH

by Gary Quan 28. November 2016 12:11

When someone mentions heavy fragmentation on a Windows NTFS Volume, the first thing that usually comes to mind is performance degradation. While performance degradation is certainly bad, what’s worse is application failure when the application gets this error.

 

Windows Error - "The requested operation could not be completed due to a file system limitation“

 

That is exactly what happens in severely fragmented environments. These are show-stoppers that can stop a business in its tracks until the problem is remediated. We have had users report this issue to us on SQL databases, Exchange server databases, and cases involving MEDITECH EMR systems.

Some refer to this problem as the “FAL Size Issue” and here is why. In the Windows NTFS file system, as files grow in size and complexity (i.e., more and more fragmented data), they can be assigned additional metadata structures. One of these metadata structures is called the File Attribute List (FAL). The FAL structure can point to different types of file attributes, such as security attributes or standard information such as creation and modification dates and, most importantly, the actual data contained within the file. In the extremely fragmented file case, the FAL will keep track of where all the fragmented data is for the file. The FAL actually contains pointers indicating the location of the file data (fragments) on the volume. As more fragments accumulate in a file, more pointers to the fragmented data are required, which in turn increases the size of the FAL. Herein lies the problem: the FAL size has an upper limitation size of 256KB. When that limit is reached, no more pointers can be added, which means NO more data can be added to the data file. And, if it is a folder file, NO more files can be added under that folder file.

If a FAL reaches the size limitation, the only resolution was to bring the volume offline, which can mean bringing the system down, then copying the file to a different location (a different volume is recommended), deleting or renaming the original file, making sure there is sufficient contiguous free space on the original volume, rebooting the system to reset the free space cache, then copying the file back. This is not a quick cycle, and if that file is large in size, this process can take hours to complete, which means the system will remain offline for hours while attempting to resolve.

You would think that the logical solution would be – why not just defragment those files? The problem is that traditional defragmentation utilities can cause the FAL size to grow. While it can decrease the number of pointers, it will not decrease the FAL size. In fact, due to limitations within the file system, traditional methods of defragmenting files cause the FAL size to grow even larger, making the problem worse even though you are attempting to remediate it. This is true with all other defragmenters, including the built-in defragmenter that comes Windows. So what can be done about it?

 

The Solution

Condusiv Technologies has introduced a new technology to address this FAL size issue that is unique only to the latest version of V-locity®  for virtual servers and Diskeeper® for physical servers. This new technology called MediWrite™ contains features to help suppress this issue from occurring in the first place, give sufficient warning if it is or has occurred, plus tools to quickly and efficiently reduce the FAL size. It includes the following:

Unique FAL handling: As indicated above, traditional methods of defragmentation can cause the FAL size to grow even further. MediWrite will detect when files are having FAL size issues and will use a proprietary method of defragmentation that keeps the FAL from growing in size. An industry first!

Unique FAL growth prevention: Along with MediWrite, V-locity and Diskeeper contain another very important, patented technology called IntelliWrite® which automatically prevents new fragmentation from occurring. By preventing fragmentation from occurring, IntelliWrite minimizes any further FAL size growth issues.

Unique Offline FAL Consolidation tools: The above technologies help stop the FAL size from growing any larger, but due to File System restrictions, it cannot shrink or reduce the FAL size online. To do this, Condusiv developed proprietary offline tools that will reduce the FAL-IN-USE size in minutes.  This is extremely helpful for companies that already have a file FAL size issue before installing our software. With these tools, the user can reduce the FAL-IN-USE size back down to 100kb, 50kb, or smaller and feel completely safe from the maximum FAL size limits. The reduction process itself takes less than 5 minutes. This means that the system will only need to be taken offline for minutes which is much better than all the hours needed with the current Windows copy method.

FAL size Alerts: MediWrite will dynamically scan the volumes for any FAL sizes that have reached a certain limit (the default is a conservative 50% of the maximum size) and will create an Alert indicating this has occurred. The Alert will also be recorded in the Windows Event log, plus the user has the option to get notified by email when this occurrence happens.

 

For more information, see our MEDITECH Solution Brief

 

 

 

Tags:

Diskeeper | Disruption, Application Performance, IOPS | General | IntelliMemory | IntelliWrite | MEDITECH | V-Locity

Additional benefits from our products

by Gary Quan 3. March 2011 08:06

As the CTO, one of the biggest joys I get is hearing back from customers on the benefits that our products have provided them.  I also find it very interesting how users find other benefits that we had not intentionally planned for the product. For example, one IT Manager would periodically execute a CHKDSK command on all of the disks of his user’s Windows’s systems. The CHKDSK command checks the file system integrity and can fix some logical errors if found.  The IT Manager did this as a preventative measure to catch and fix any logical disk errors before they could cause serious problems. This is a tedious process and can require a reboot in some cases, especially if executed on the system disk.  This IT Manager found an easy way to get this accomplished with Diskeeper. One Diskeeper feature is Boot-Time Defragmentation which will defragment files that cannot be safely defragmented while Windows is running, so it is run during the boot-up process. With Diskeeper, a user can schedule when this Boot-Time Defragmentation will occur and also add the option to perform a CHKDSK as part of the process.  The IT Manager used this feature to automatically schedule for the CHKDSK command to occur at a time that would not impact the users and he would not have to be there to manually perform it. At the same time, he also got the benefit of Boot-Time defragmentation.  If you have any other uses from our products, please send the feedback so I can hear about them.  Use the ‘Diskeeper Feedback’ feature in the Diskeeper product. This is under the ‘Action’ menu option.

Gary Quan

CTO – Diskeeper Corporation

Tags:

Diskeeper

Month List

Calendar

<<  November 2017  >>
MoTuWeThFrSaSu
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910

View posts in large calendar